Security Header X-Content-Type-Options and Prismic Previews

daf · November 20, 2021, 6:32pm

Hi there,

I have the exact issue as this topic noted below, and I was wondering if there have been any updates recently as the thread has been quiet since May.

I need to use the security header below in NextJS 12, with previews. Unfortunately, it is not working and resulting in the response noted again below.

  {
    key: 'X-Content-Type-Options',
    value: 'nosniff'
  },

Response

<!DOCTYPE html><html><head><meta http-equiv="Refresh" content="0; url={response-url}/>
    <script>window.location.href = {response-url}</script>
    </head>

Is there a workaround, I haven't yet migrated from the NPM module prismic-javascript > @prismicio/client. This is something I intend on doing over the next week or so.

Would this have an impact on this issue? or is this something you are still exploring a fix for?

Many thanks,

Duncan.

Pau · November 22, 2021, 7:12pm

Hello @daf, thanks for bringing this to our attention.
I'll open the discussion with the team that's working on the Next kit and let you know what we conclude.

Thanks

Pau · November 29, 2021, 6:09pm

This thread is being monitored as an open ticket in the internal Prismic issue tracker. The Prismic support team will update this post as we get more information from our dev team. If you have a similar use-case, you can ‘Flag’ this topic to reopen and add it here.

Topic		Replies	Views
NextJS with X-Content-Type-Options header breaks previews Developing with Prismic nextjs	3	1270	December 9, 2021
Previews and next.js Developing with Prismic nextjs	11	1044	March 14, 2022
Preview in NextJS on Vercel issue Developing with Prismic nextjs	10	1157	December 9, 2021
NextJS v12 Documentation Developing with Prismic	5	1678	July 6, 2023
Next.js with previews and Draft Mode Developing with Prismic	3	1302	June 7, 2023

Security Header X-Content-Type-Options and Prismic Previews

Related topics